Sawmill is a Cisco/IronPort C Series Secure Email log analyzer (it also supports the 1020 other log formats listed to the left).
It can process log files
in Cisco/IronPort C Series Secure Email format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Cisco/IronPort C Series Secure Email logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Cisco/IronPort C Series Secure Email log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.

Sawmill stores the following non-numerical fields in its database for Cisco/IronPort C Series Secure Email, generates reports for each field, and allows dynamic filtering on any combination of these fields:

Field

Internal Name

date/time

date_time

day of week

day_of_week

hour of day

hour_of_day

action

action

from

from

to

to

SBRS action

sbrs_action

SBRS list

sbrs_list

SBRS score

sbrs_score

message ID

message_id

subject

subject

antispam_result

antispam_result

antivirus result

antivirus_result

interface

interface

interface host

interface_host

address

address

reverse DNS host

reverse_dns_host

response

response

reason

reason

ICID

icid

MID

mid

RID

rid

warning message

warning_message

location

location

meta

meta

x_filetypes

x_filetypes

Sawmill stores the following numerical fields in its database for Cisco/IronPort C Series Secure Email, aggregating them and including them as columns in most reports:

Numerical Field

Internal Name

events

events

messages delivered

messages_delivered

messages queued

messages_queued

messages rejected

messages_rejected

messages aborted

messages_aborted

messages spam positive

messages_spam_positive

messages virus positive

messages_virus_positive

message deliveries aborted

message_deliveries_aborted

messages quarantined

messages_quarantined

messages bounced

messages_bounced

messages delayed

messages_delayed

bytes transferred

bytes_transferred

x_filesizes

x_filesizes

warnings

warnings

See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Cisco/IronPort C Series Secure Email reports.